Warning |
---|
!!! We are currently migrating this Cloud Instance to our own hosted Server instance !!!Please follow this link to get to the content you wanted: https://wiki.resolution.de/x/GQCxAQThanks for your understanding. |
SAML Single Sign On is is tested with Confluence Data Center in the following environment.
...
Code Block |
---|
<VirtualHost *:443> ProxyRequests off # # confluence59.lab.inserve.local is set up as CNAME to postgres01 in the DNS # ServerName confluencedc59.lab.inserve.local # # Set a routeID-header. This is important to get sticky sessions: All requests from a client must # be served by the same Confluence node. # Without this header, WebSudo is not wirking and the SAMLSSO-Plugin caused redirection-loops between the Confluence nodes. # Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED <Proxy balancer://confluencecluster> BalancerMember http://confluencedc01.lab.inserve.local:8090 route=confluencedc01 BalancerMember http://confluencedc02.lab.inserve.local:8090 route=confluencedc02 # Security "we aren't blocking anyone but this the place to make those changes Order Deny,Allow Deny from none Allow from all </Proxy> # Here's how to enable the load balancer's management UI if desired <Location /balancer-manager> SetHandler balancer-manager # You SHOULD CHANGE THIS to only allow trusted ips to use the manager Order deny,allow Allow from all </Location> # Don't reverse-proxy requests to the management UI ProxyPass /balancer-manager ! # Reverse proxy all other requests to the Confluence cluster ProxyPass / balancer://confluencecluster/ stickysession=ROUTEID ProxyPassReverse / balancer://confluencecluster ProxyPreserveHost on SSLProxyEngine On SSLEngine on SSLCertificateFile /etc/ssl/localcerts/star.lab.inserve.local.pem SSLCertificateKeyFile /etc/ssl/localcerts/star.lab.inserve.local.key SSLCertificateChainFile /etc/ssl/localcerts/labca.pem ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> |
...